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I. Basis of the report 

1 . With regard to the elements of the international application (Replacement sheets which have been furnished to 
the receiving Office in response to an invitation under Article 14 are referred to in this report as "originally filed" 
and are not annexed to this report since they do not contain amendments (Rules 70. 16 and 70. 17)): 

Description, Pages 

1 -25 as originally filed 

Claims, Numbers 

1-18 as originally filed 

Drawings, Sheets 

1/7-7/7 as originally filed 

2. With regard to the language, all the elements marked above were available or furnished to this Authority in the 
language in which the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language: , which is: 

□ the language of a translation furnished for the purposes of the international search (under Rule 23.1 (b)). 

□ the language of publication of the international application (under Rule 48.3(b)). 

□ the language of a translation furnished for the purposes of international preliminary examination (under 
Rule 55.2 and/or 55.3). v 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application the 
international preliminary examination was carried out on the basis of the sequence listing: 

□ contained in the international application in written form. 

□ filed together with the international application in computer readable form. 

□ furnished subsequently to this Authority in written form. 

□ furnished subsequently to this Authority in computer readable form. 

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure 
in the international application as filed has been furnished. 

□ The statement that the information recorded in computer readable form is identical to the written sequence 
listing has been furnished. 

4. The amendments have resulted in the cancellation of: 

□ the description, pages: 

□ the claims, Nos.: 

□ the drawings, sheets: 
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5. □ This report has been established as if (some of) the amendments had not been made, since they have 

been considered to go beyond the disclosure as filed (Rule 70.2(c)). 

(Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this 
report.) 

6. Additional observations, if necessary: 

V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 

1. Statement 

Novelty (N) Yes: Claims 5,6,11,12,17,18 

No: Claims 1-4,7-10,13-16 

Inventive step (IS) Yes: Claims 

No: Claims 1-18 

Industrial applicability (IA) Yes: Claims 1-18 

No: Claims 

2. Citations and explanations 
see separate sheet 
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Re Item V 

Reasoned statement with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 

1 Reference is made to the following documents: 

D1 : JAJODIA S ET AL: "Flexible support for multiple access control policies" ACM 
TRANSACTIONS ON DATABASE SYSTEMS ACM USA, vol. 26, no. 2, June 
2001 (2001-06), pages 214-260, XP002301060 ISSN: 0362-5915 

2 The present application does not meet the criteria of Article 33(1) PCT, because the 
subject-matter of claims 1 , 7 and 13 is not new in the sense of Article 33(2) PCT. 

The document D1 discloses according to the features of claim 1 (the references in 
parentheses applying to this document): 

- method for taking a policy decision by a policy decision device (chapter 4.1 , figure 7, 
"Authorization framework") 

- wherein the policy decision device has access to objects being relatable to each other by 
relations of one or more relation types (page 222, Definitions 3.1, 3.2 Authorisation 
Subject/Object Hierarchy ; page 224, example 3.1; figure 5, authorisation subject hierarchy) 

(Example 3.1 in D1 given for a subject hierarchy is valid as such for an object hierarchy as 
well, see page 223, last sentence, page 226, lines 25-37, "... the system security officer 
may specify different propagation policies for each of the hierarchies ..." . Therefore the 
further citations corresponding to the object hierarchy of claim 1 are given referring to the 
subject hierarchy example 3.1 of D1 . This correspondence is directly and unambiguously 
derivable from D1.) 

- receiving a request for the policy decision, the request specifying a first object of the 
objects and request information (figure 7: triple "(o,s,+a)" corresponding to object, subject, 
action; page 229, lines 3-26, "...every request is seen as coming from either a user or a 
role ...") 
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- obtaining a policy matching to the request information and being applicable to a second 
object of the objects (example 3.1 , authorisation for the subject G2 "(0,62,-8)"; figure 7, 
"authorisation table"; chapter 4.1, "authorisation table") 

- obtaining at least one propagation rule assoc iated to the policy (pages 224-226, "We are 
now ready to describe various different authorization propag ation policies ... Path overrides 
... Authorisations of a node are propagated to its subnodes if not overridden ... ") 

- the at least one propagation rule specifying at least one relation type of the one or more 
relation types (page 226, lines 5-17, "Path overrides ... Authorisations of a node are 
propagated to its subnodes ...") 

- verifying if a relation path exits, the relation path linking the first object and the second 
object and consisting of one or more of the relations, verifying if the one or more relations 
of the relation path are in accordance with at least one of the at least one specified relation 
type (page 226, lines 5-17, "Path overrides ... Authorisations of a node are propagated to 
its subnodes figure 6.d, subject G5) 

- if said relation path exists and if said one or more relations of the relation path are in 
accordance, applying the policy to the first object for taking the policy decision (chapter 
3.4, "Example decision policies", figure 6.d, derived authorisation for the subject G5 
"o.GSra" ), figure 7, "granted/denied") 

The same reasoning applies, mutatis mutandis, to the subject-matter of the 
corresponding independent claims 7 and 13 which therefore are also considered not 
new. 

3 Dependent claims 2-6, 8-12 and 14-18 do not contain any features which, in 

combination with the features of any claim to which they refer, meet the requirements 
of the PCT in respect of novelty or inventive step in view of the documents and the 
corresponding passages cited in the search report. 
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